Basically, the new scheme is an old-school drive-by download. Users trying to buy tickets through the site might come across the script embedded in several webpages.
The malware, which has been detected as Mal/ObfJS-R, will attempt to download further malicious content from a remote site.
"This is not the first time that hackers have attempted to capitalize on sporting events, and unfortunately in the run up to the competition this summer, we’re likely to see more sites like this being hacked, as well as other scams preying on football fans’ fervour," said Graham Cluley, senior technology consultant at Sophos. "Fans keen to get tickets to a game need to make sure they don’t get carried away in the excitement and score an own goal before kick off. It’s essential that all computer users ensure their security settings are up to date and able to defend against these threats."